« Back to home page

Simple Score Submission Security

keys!

If you’ve made a Flash game with a PHP high score table without any security before, you’ve probably found some unpossible scores sitting on top of your chart when you wake up one morning. Well, in this tutorial, we’ll see how to implement a simple encryption system that is relatively secure for Actionscript 3.0. It’s not perfectly secure, but it will fend off your usual score cheater. This tutorial also assumes that you know the basics of implementing a high score system in Flash and PHP. If you don’t, please check out this tutorial.

The basic concept of this method is to use MD5 to hash the submission data with a key. Then we send the data, along with the MD5 hash to the PHP script. The PHP script takes the data, and hashes it with the same key. If the two hashes match, then we know it’s legit.

First, let’s go over what to do on the Flash side of things. We will need an encryption API capable of MD5 for AS3, such as this encryption package by Geoffrey Williams. There are others which can be found by Googling, but this one is pretty simple to use.

Suppose we want to submit the player’s name and score, we construct a string of those values:

var playerData:String = playerName + playerScore;

Then we use the MD5 package to hash it with a key, which is a secret string that we make up. Assuming we are using the package shown above, the code would look something like this:

var key:String = "HASH_KEY";
var hashData:String = MD5.hex_hmac_md5(key, playerData);

After we have this, we just send both the playerData and hashData to our PHP score submission script using a POST method.

Over on the PHP script, we take the playerData, and run it through MD5 with the same secret key that we used in Flash. If the result matches the hashData that we received from Flash, then it’s a valid score submission. The operative PHP functions here are bin2hex and mhash.

$key = "HASH_KEY";
$result = bin2hex(mhash(MHASH_MD5, $playerData, $key));
if ($result == $hashData)
{
    //record submission
}

Thats all there is to this encryption method. You’ve probably noticed, but the one flaw to this method is that if the hacker has access to the Flash source, then he can find out the secret key and beat the system. Fortunately, as far as I know, there are no public AS3 decompilers yet. Should one appear, we’d have to use obfuscation to hide the key or use some sort of SWF encryption program such as Amayeta. Nonetheless this method should keep most casual cheaters off your back.

Tags: , , ,

You can leave a response, or trackback from your own site.

Previous Post:
Next Post:

31 Responses to “Simple Score Submission Security”

  1. andrew says:
    January 17th, 2008 at 12:19 pm

    useful idea! however, just fyi – mhash is deprecated in the newest versions of PHP, there’s a new built-in hash library

    you’d actually want to use: hash(“md5″, $playerData, $key)

    - andrew

  2. Kriss Daniels says:
    January 30th, 2008 at 8:35 am

    Sorry but this doesn’t work, the general flash score hacker does it by tweaking internal flash variable numbers (ie their score) using simple memhack (think action replay) cheat software.

    So they probably wouldn’t even notice this…

    I use replays. Sounds complicated but isn’t that bad if you only check suspicious scores and do so on the client.

  3. John says:
    November 20th, 2009 at 3:29 am

    A bit late but it is actually the hash_hmac function that you would want to use e.g.

    hash_hmac(‘md5′, $playerData, $key);

  4. vv0lll says:
    December 5th, 2010 at 10:29 pm

    But, what’s up if the hacker decompiles our Flash and they know how we encoded our data ?

  5. doogog says:
    December 8th, 2010 at 7:24 pm

    Yes, if they decode your file, this method will be revealed.

  6. Unlimited Master Reseller says:
    May 5th, 2011 at 1:29 am

    I loved everything. Please keep posting tips regarding different scripts.

  7. Konsult says:
    February 21st, 2012 at 8:44 am

    What’s Happening i am new to this, I stumbled upon this I’ve discovered It positively useful and it has helped me out loads. I hope to give a contribution & assist other users like its helped me. Great job.

  8. rhythm flash games says:
    April 20th, 2012 at 11:11 pm

    rhythm flash games…

    [...]Doogog.com » Blog Archive » Simple Score Submission Security[...]…

  9. Jfxzchyy says:
    May 1st, 2012 at 3:24 pm

    very best job http://ofapolyykeg.blog.free.fr/ teen lily model Beautiful Heather. We love your new friend. Now if your husband would’ve done her from behind and unloaded right after you, now that’s acadamy award material!

  10. Xxxnisad says:
    May 2nd, 2012 at 8:30 pm

    What university do you go to? http://mobakefisu.de.tl nudist nude models I’d love to give her a facial every night. Gotta keep the woman happy! Don’t think I’d ever go out of town, tho…LOL!

  11. Chajsxma says:
    May 3rd, 2012 at 10:25 am

    I stay at home and look after the children http://kiqedeteno.de.tl sarah model She’s hot and all but I can’t jerk off to this! I mean I could but it wouldn’t be as good as with porn.

  12. Qmndjxmy says:
    May 6th, 2012 at 9:08 pm

    I’m about to run out of credit http://uesulajar.de.tl daddys little pussy I love how he finishes, he doesnt give a fuck if she cant take any more while hes cumming, she literally pukes his cock out, fuckin hot

  13. Dztlkhqz says:
    May 6th, 2012 at 9:09 pm

    How would you like the money? http://dykusepebojic.de.tl porn little cuties
    Yes, she’s got a great pussy and nice tits, but couldn’t she find a cock to do the work, instead of abusing some dumb as a brick vibrator?

  14. site says:
    May 27th, 2012 at 8:53 am

    Wanted to drop a remark and let you know your Feed isnt working today. I tried adding it to my Google reader account and got absolutely nothing.

  15. here says:
    May 28th, 2012 at 9:41 am

    Can you email me with any hints & tips on how you made this blog look this cool , Id appreciate it!

  16. software free 24 says:
    July 19th, 2012 at 6:54 am

    I have read so many articles on the topic of the blogger lovers except
    this post is actually a nice paragraph, keep it up.

  17. Staci says:
    November 29th, 2012 at 2:57 pm

    For most up-to-date information you have to pay a visit world-wide-web and on world-wide-web I
    found this website as a best site for latest updates.

  18. websites says:
    December 21st, 2012 at 5:00 pm

    I approximating this post, enjoyed this one regards for putting up.

  19. Hdecwzwd says:
    December 31st, 2012 at 3:29 am

    I’m doing an internship

  20. http://tinyurl.com/marijenks47328 says:
    January 11th, 2013 at 9:02 am

    “Doogog.com

  21. Yljghjfc says:
    April 8th, 2013 at 12:17 am

    Languages jennaj
     id tap that

  22. Lhkoyerc says:
    April 9th, 2013 at 8:43 am

    I want to make a withdrawal bigboobsz
     LOL i can’t believe that got me off..

  23. Ioccrrya says:
    April 9th, 2013 at 8:43 am

    Jonny was here babblesex
     love this vid. Not in my face Motherf*cker

  24. Cody says:
    April 9th, 2013 at 7:40 pm

    Could I order a new chequebook, please? naked lolita girls peeing number one, the girl is hot,nice and horny and a plus for her, she got a tight pussy but then again what kind of a boyfriend in his healthy mind would allow his girl to get banged by some other dude…!!!’it’s good what you did DFW, i would have come in her pussy,too..But did she get pregnant or was it just for the film?

  25. Gavin says:
    April 9th, 2013 at 7:41 pm

    How do you know each other? young lolita rape pics Maybe this film will help pay for her brand-new shiny pussy!

  26. porn says:
    April 14th, 2013 at 10:06 am

    I’ve been browsing online greater than 3 hours nowadays, yet I never discovered any attention-grabbing article like yours. It’s lovely value enough for me. In my opinion, if all webmasters and bloggers made good content as you did, the net might be much more useful than ever before.

  27. evolv health says:
    April 27th, 2013 at 8:22 pm

    Excellent post. I was checking continuously this weblog and I am impressed! Very helpful info specifically the closing part :) I handle such information much. I was seeking this certain information for a long time. Thanks and good luck.

  28. Christy says:
    April 28th, 2013 at 1:50 am

    I wanted to thank you for this excellent read!! I absolutely loved every bit
    of it. I’ve got you saved as a favorite to check out new things you post…

    Feel free to visit my page :: Christy

  29. asesores de ventas online says:
    May 6th, 2013 at 9:28 pm

    Hello there, simply turned into alert to your weblog through Google, and found that it’s truly informative. I’m gonna be careful for brussels. I’ll be grateful if you happen to continue this in future. Many other people shall be benefited out of your writing. Cheers!

  30. dree porn says:
    May 8th, 2013 at 4:46 am

    I am extremely inspired along with your writing skills and also with the layout in your weblog. Is that this a paid subject or did you modify it your self? Either way keep up the nice high quality writing, it’s uncommon to see a nice weblog like this one today..

  31. phoenix arizona car insurance says:
    May 9th, 2013 at 5:18 pm

    What i do not realize is actually how you’re not actually much more smartly-appreciated than you may be right now. You are very intelligent. You recognize therefore considerably with regards to this topic, made me in my opinion imagine it from so many numerous angles. Its like women and men don’t
    seem to be fascinated except it is one thing to accomplish with Lady gaga!
    Your own stuffs nice. All the time deal with it up!

Leave a Reply